From 7ff5c2e346a8efeba0c27f473271d8298a1266c2 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Fri, 8 Dec 2023 09:00:57 -0800
Subject: delete configuration for old machines

These machines are gone, no need to keep the configuration around.
---
hosts/carmel/default.nix | 35 --------
hosts/carmel/hardware.nix | 26 ------
hosts/carmel/home.nix | 6 --
hosts/carmel/networking.nix | 114 --------------------------
hosts/carmel/secrets/secrets.nix | 9 --
hosts/carmel/secrets/wireguard_privatekey.age | 13 ---
hosts/carmel/services.nix | 18 ----
7 files changed, 221 deletions(-)
delete mode 100644 hosts/carmel/default.nix
delete mode 100644 hosts/carmel/hardware.nix
delete mode 100644 hosts/carmel/home.nix
delete mode 100644 hosts/carmel/networking.nix
delete mode 100644 hosts/carmel/secrets/secrets.nix
delete mode 100644 hosts/carmel/secrets/wireguard_privatekey.age
delete mode 100644 hosts/carmel/services.nix
(limited to 'hosts/carmel')
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
deleted file mode 100644
index 67c768b..0000000
--- a/hosts/carmel/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ self, ... }:
-
-{
- imports = [
- ./hardware.nix
- ./networking.nix
- ./services.nix
- "${self}/profiles/server.nix"
- "${self}/profiles/hardware/amd.nix"
- "${self}/profiles/nginx.nix"
- "${self}/profiles/router.nix"
- "${self}/profiles/monitoring/exporter.nix"
- "${self}/profiles/monitoring/promtail.nix"
- ];
-
- boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
- services.avahi = {
- enable = true;
- # Important to resolve .local domains of printers, otherwise you get an error
- # like "Impossible to connect to XXX.local: Name or service not known"
- nssmdns = true;
- reflector = true;
- interfaces = [ "mgmt0" "iot" ];
- openFirewall = true;
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/carmel/hardware.nix b/hosts/carmel/hardware.nix
deleted file mode 100644
index 44f46ae..0000000
--- a/hosts/carmel/hardware.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/88b61fbd-a74e-4458-bf2e-65721bb06497";
- fsType = "ext4";
- };
-
- fileSystems."/boot/efi" =
- {
- device = "/dev/disk/by-uuid/779F-4030";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-}
diff --git a/hosts/carmel/home.nix b/hosts/carmel/home.nix
deleted file mode 100644
index 6fb5fc2..0000000
--- a/hosts/carmel/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ self, ... }: {
-
- imports = [
- "${self}/home/modules/home.nixhome"
- ];
-}
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
deleted file mode 100644
index 99c9796..0000000
--- a/hosts/carmel/networking.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{ lib, ... }:
-let
- ethLink = (name:
- (mac: {
- matchConfig = {
- Type = "ether";
- MACAddress = mac;
- };
- linkConfig.Name = name;
- }));
-
- vlanNetdev = (name:
- (id: {
- netdevConfig = {
- Name = name;
- Kind = "vlan";
- };
- vlanConfig.Id = id;
- }));
-
- vlanNetwork = (name:
- (id: {
- matchConfig.Name = name;
-
- # Embed ID directly in IPv4 address for clarity.
- address = [ "192.168.${toString id}.1/24" ];
- }));
-in
-{
- systemd.network = {
- enable = true;
-
- links."10-wan0" = ethLink "wan0" "a8:a1:59:43:95:36";
- networks."10-wan0" = {
- matchConfig.Name = "wan0";
- networkConfig.DHCP = "ipv4";
- dhcpV4Config = {
- UseDNS = true;
- UseDomains = true;
-
- # Don't release IPv4 address on restart/reboots
- SendRelease = false;
- };
- };
-
- links."15-mgmt0" = ethLink "mgmt0" "a0:36:9f:fa:5d:6c";
- networks."15-mgmt0" = {
- matchConfig.Name = "mgmt0";
- address = [ "192.168.0.1/24" ];
- vlan = [ "iot" "guest" ];
- networkConfig = {
- DHCP = "no";
- Domains = "home";
- };
- };
-
- # unused interface
- links."16-mgmt1" = ethLink "mgmt1" "a0:36:9f:fa:5d:6d";
-
- # IoT VLAN.
- netdevs."25-iot" = vlanNetdev "iot" 10;
- networks."25-iot" = vlanNetwork "iot" 10;
-
- # Guest VLAN.
- netdevs."30-guest" = vlanNetdev "guest" 20;
- networks."30-guest" = vlanNetwork "guest" 20;
-
- # ignore these interfaces, as they are not used
- wait-online.ignoredInterfaces = [ "mgmt1" "wlp8s0" ];
- };
-
- # don't use systemd-resolved on the router
- services.resolved.enable = false;
-
- networking.hostName = "carmel";
- networking.useDHCP = false;
-
- networking.firewall = {
- enable = true;
- allowPing = true;
- # If rejectPackets = true, refused packets are rejected rather than dropped (ignored). This
- # means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST
- # packet in case of an existing connection). Rejecting packets makes port scanning somewhat
- # easier.
- rejectPackets = false; - - trustedInterfaces = [ "mgmt0" "iot" "guest" "wg0" ]; - - logRefusedConnections = true; - logRefusedPackets = false; - logReversePathDrops = true; - - interfaces = { - "wan0" = { - allowedTCPPorts = [ - 22 # ssh - 51413 # transmission - ]; - allowedUDPPorts = [ - 35947 # wireguard - 51413 # transmission - ]; - }; - }; - }; - - networking.nat = { - enable = true; - externalInterface = "wan0"; - internalInterfaces = [ "mgmt0" "guest" "iot" ]; - }; - - networking.private-wireguard.enable = true; -} diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix deleted file mode 100644 index c6f0b35..0000000 --- a/hosts/carmel/secrets/secrets.nix +++ /dev/null @@ -1,9 +0,0 @@ -let - root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr"; - fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj"; - backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6"; - all = [ root fcuny backup ]; -in -{ - "wireguard_privatekey.age".publicKeys = all; -} diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age deleted file mode 100644 index 09c9b6a..0000000 --- a/hosts/carmel/secrets/wireguard_privatekey.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU -xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE --> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8 -qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os --> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk -cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0 --> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[ -sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6 -VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6 ---- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA -Za -A}}%YGVU;@ΰ{eVEmŁa &!q;uB[¸< \ No newline at end of file diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix deleted file mode 100644 index 6694950..0000000 
--- a/hosts/carmel/services.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }: {
- services.nginx = {
- streamConfig = ''
- server {
- listen 443;
- proxy_timeout 2s;
- proxy_pass 192.168.6.40:443;
- }
-
- server {
- listen 80 reuseport;
- proxy_timeout 2s;
- proxy_pass 192.168.6.40:80;
- }
- '';
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
-- cgit 1.4.1